A Malaysian man was indicted Thursday on charges he hacked into the networks of a number of financial institutions, including the Federal Reserve Bank of Cleveland, and amassed some 400,000 stolen credit and debit card numbers, according to federal prosecutors.
Lin Mun Poo, 32, was arrested Oct. 21 after he flew to the United States and met with an undercover U.S. Secret Service agent posing as a "carder," or a person who purchases stolen card numbers to withdraw cash from ATMs, according to a criminal complaint.
At the meeting, which took place in Queens, N.Y., Poo sold the undercover agent 31 credit and debit card numbers for $1,000, prosecutors said. He was arrested shortly after, and authorities found that the laptop he was carrying contained thousands of stolen numbers, "indicating that the defendant had infiltrated servers belonging to various financial institutions."
Poo told authorities that he obtained the stolen data by hacking into a foreign bank in September.
Poo's victims included FedComp, a Fairfax, Va.-based data processor for federal credit unions, which netted Poo access to the data belonging to entities such as the Firemen's Association of the State of New York and the Mercer County NJ Teachers Federal Credit Union, according to a U.S. attorney's office for the Eastern District of New York news release.
A FedComp representative could not be reached for comment on Friday.
In the case of the Federal Reserve Bank of Cleveland, no data was stolen, though Poo was able to exploit a vulnerability to gain access to a test system in June.
"There's been some confusion based on the wording in the Department of Justice news release," June Gates, a fed spokeswoman, told SCMagazineUS.com on Friday. "The incident here involved a test computer that is used to test software and applications. No Federal Reserve data or information was accessed or compromised."